• All Files
ArubaOS 8.6.0.0帮助中心
You are here: Home > Roles and Policies > User Roles

创建用户角色

用户角色包括用户角色设置,防火墙Firewall is a network security system used for preventing unauthorized access to or from a private network.政策和带宽合同。本节介绍创建和删除用户角色的过程,并关联防火墙Firewall is a network security system used for preventing unauthorized access to or from a private network.担任该角色的政策。

关联的命令ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.用户角色各不相同,取决​​于ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.与该角色相关联。用户角色在全球范围内应用托管设备,所以以太类型,苹果电脑媒体访问控制。MAC地址是分配给网络通信网络接口的唯一标识符。and sessionACLSAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.可以应用于全球用户角色。但是,路由访问列表之间的位置可能会有所不同,因此它们在本地配置设置中映射到用户角色。

要将用户角色与Ethertype相关联,苹果电脑媒体访问控制。MAC地址是分配给网络通信网络接口的唯一标识符。或会话ACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port., use the用户角色<角色>访问列表eth | mac | session command.

To associate a user role with an routingACLAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port., use therouting-policy-mapcommand.

The following procedure describes how to create a new user role:

1.在里面Managed Networknode hierarchy, navigate to the配置>Roles & Policies>Roles

2.点击+创建新角色。

3.Enter aNamefor the new role and clickSubmit

4.选择role created and click+under仅此角色的规则桌子。

5.点击one of the options in theRule Type申请选择规则,然后单击好的。

6.在里面New Forwarding Rule部分,配置所有参数。

7.点击Submit

8.Select one of the following options to add a policy to the role:

在里面Policies选项卡选择创建的角色,然后单击+在下面Policies桌子。Enter aName对于政策,选择一个Policy type。点击Submit

To associate an existing policy to a user role:

选择Role来自Rolestab and clickShow Advanced View角色<政策名称>桌子。

点击+在下面Policies标签。

SelectAdd an existing policy选项并从策略名称下拉列表。

点击Submit

有关创建一个的更多信息防火墙Firewall is a network security system used for preventing unauthorized access to or from a private network.policy, see防火墙政策

9。(Optional) If the user role contains more than one防火墙Firewall is a network security system used for preventing unauthorized access to or from a private network.策略,使用上下箭头为每个角色分配优先级。列表中的政策越高,优先级就越高。

10.点击Show Advanced Viewand enter the configuration values as described inTable 1

11.点击提交。

12.点击Pending Changes

13.在里面Pending Changes窗口,选择复选框,然后单击部署更改

14.Assign the user role to aAAA身份验证,授权和会计。AAA是一个安全框架,可以对用户进行身份验证,授权基于用户凭据的访问类型,并记录有关网络访问和网络资源消耗的身份验证事件以及信息。profile in themanaged device。After assigning the user role, execute the显示参考用户角色<角色> command on themanaged device查看引用此角色的配置文件。有关更多信息,请参阅分配用户角色的工作流程

表格1:用户角色参数

Parameter

描述

Name

Name of the user role. The character length of a user role is from 1-63 characters.

更多的

VLAN(可选)

Navigate to更多>网络to assignVlan虚拟局域网。在计算机网络中,可以对单层2网络进行分区,以创建多个不同的广播域,它们是相互隔离的,因此数据包只能通过一个或多个路由器之间传递它们。这样的域称为虚拟局域网,虚拟LAN或VLAN。用户角色ID。由default, a client is assigned aVlan虚拟局域网。在计算机网络中,可以对单层2网络进行分区,以创建多个不同的广播域,它们是相互隔离的,因此数据包只能通过一个或多个路由器之间传递它们。这样的域称为虚拟局域网,虚拟LAN或VLAN。的基础上进入Vlan虚拟局域网。在计算机网络中,可以对单层2网络进行分区,以创建多个不同的广播域,它们是相互隔离的,因此数据包只能通过一个或多个路由器之间传递它们。这样的域称为虚拟局域网,虚拟LAN或VLAN。for the client to themanaged device。You can override this assignment and configure theVlan虚拟局域网。在计算机网络中,可以对单层2网络进行分区,以创建多个不同的广播域,它们是相互隔离的,因此数据包只能通过一个或多个路由器之间传递它们。这样的域称为虚拟局域网,虚拟LAN或VLAN。ID that is to be assigned to the user role.

Re-auth interval (optional)

Navigate to更多>网络to configure time, in minutes, after which the client is required to reauthenticate. Enter a value between 0-4096. 0 disables reauthentication.

默认值:0(禁用)

最大会议(可选)

Navigate to更多>网络在此角色中配置每个用户的最大会话数。如果会话达到最大值,则该用户到达阈值的任何额外会话都将被阻止,直到用户的会话使用计数降至已配置的限制以下。

The default is 65535. You can configure any value between 0-65535.

Deep packet inspection (optional)

Navigate to更多>网络to enable or disable deep packet inspection. This setting is enabled by default.

Web内容分类(可选)

Navigate to更多>网络to enable or disable web content classification for allHTTP超文本传输​​协议。HTTP是通过Web传输数据的应用程序协议。HTTP协议定义了如何格式和传输消息,以及W服务器和浏览器应采取的操作以响应各种命令。交通。默认情况下启用此设置。

YouTube education (optional)

Navigate to更多>网络启用或禁用YouTube教育。默认情况下禁用此设置。如果启用了,页面将重定向到YouTube教育,在没有流媒体视频的情况下

and the user can enter a YouTube education enabled cookie (optional).

开放流(可选)

Navigate to更多>网络to enable or disable Software Defined Network for the user role. This setting is enabled by default.

VPN拨号器(可选)

Navigate to更多> VPNto assign aVPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.dialer to a user role. For details aboutVPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.dialer, seeVirtual Private Networks

Select a dialer from the drop-down list and assign it to the user role. This dialer will be available for download when a client logs in usingcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.and is assigned this role.

L2TP Pool (optional)

Navigate to更多> VPNto assign anL2TP第2层隧道协议。L2TP是ISP使用的网络协议,用于启用VPN操作。pool to the user role. For more details aboutL2TP第2层隧道协议。L2TP是ISP使用的网络协议,用于启用VPN操作。pools, seeVirtual Private Networks

选择requiredL2TP第2层隧道协议。L2TP是ISP使用的网络协议,用于启用VPN操作。从列表中的池分配给用户角色。内部IP地址VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.隧道使用L2TP第2层隧道协议。L2TP是ISP使用的网络协议,用于启用VPN操作。will be assigned from this pool of IP addresses for clients in this user role.

PPTP Pool (optional)

Navigate to更多> VPNto assign aPPTP点对点隧道协议。PPTP是实现虚拟专用网络的一种方法。它使用TCP上的控制通道和运行的GRE隧道来封装PPP数据包。pool to the user role. For more details aboutPPTP点对点隧道协议。PPTP是实现虚拟专用网络的一种方法。它使用TCP上的控制通道和运行的GRE隧道来封装PPP数据包。pools, seeVirtual Private Networks

选择requiredPPTP点对点隧道协议。PPTP是实现虚拟专用网络的一种方法。它使用TCP上的控制通道和运行的GRE隧道来封装PPP数据包。从列表中的池分配给用户角色。内部IP地址VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.隧道使用PPTP点对点隧道协议。PPTP是实现虚拟专用网络的一种方法。它使用TCP上的控制通道和运行的GRE隧道来封装PPP数据包。will be assigned from this pool of IP addresses for clients in this user role.

VIA connection profile

Navigate to更多> VPNto assign aVIAVirtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network.连接配置文件the user role.

IDP配置文件(可选)

Navigate to更多的> Authenticationto assign a IDP profile to the user role. For more details, refer to

Stateful NTLM profile (optional)

Navigate to更多的> Authenticationto assign a stateful NTLM profile to the user role. For more details, refer toConfiguring Stateful NT LAN Manager Authentication

状态的kerberos个人资料(可选)

Navigate to更多的> Authentication为用户角色分配一个状态的kerberos配置文件。有关更多详细信息,请参阅Configuring Stateful Kerberos Authentication

WISPRprofile (optional)

Navigate to更多的> Authenticationto assign aWISPRWireless Internet Service Provider Roaming. The WISPr framework enables the client devices to roam between the wireless hotspots using different ISPs.有关用户角色的个人资料。有关更多详细信息,请参阅WISPRAuthentication

Captive Portal Profile (optional)

Navigate to更多的> Authenticationto assign aCaptive PortalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.该角色的概况。有关更多详细信息Captive PortalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.个人资料,请参阅Captive Portal Authentication

Captive Portal Check for Accounting

(optional)

Navigate to更多的> Authenticationto enable or disable this setting. This setting is enabled by default. If disabled,半径远程身份验证拨号用户服务。用于远程身份验证的行业标准网络访问协议。它允许对想要访问网络资源的远程用户进行身份验证,授权和会计。不管captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证用户的角色中的配置文件。如果启用了,只要用户的角色具有captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.profile on it. Accounting will start when Auth orXMLExtensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.-Add或COA更改授权。RADIUS COA用于AAA服务框架中,以允许对身份验证,授权和主动用户会话进行动态修改。changes the role of an authenticated user to a role which doesn't havecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.profile.

Bandwidth

Bandwidth (optional)

Navigate toShow Advanced View > Bandwidthto assign a bandwidth contract and provide an upper limit to upstream or downstream bandwidth utilized by clients in this role. You can select the Per User option to apply the bandwidth contracts on a per-user basis instead of to all clients in the role.

有关更多信息,请参阅Global Bandwidth Contract Configuration

Captive Portal

Captive Portal

此选项卡使您可以个性化captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.页。有关详细信息,请参阅个性化圈养门户页面

删除用户角色

以下过程描述了如何删除用户角色:

1.在里面Managed Networknode hierarchy, navigate to the配置>Roles & Policies > Rolestab on the WebUI.

2.选择Role然后单击删除图标。

您无法删除引用配置文件或服务器派生角色的用户角色。删除引用的服务器角色将导致错误。删除对角色的所有引用,然后执行删除操作。
/*]]>*/
Baidu